Old Computer Accounts

D

dbouton

I have looked for this information with no luck. Can someone explain
to me the process of how Active irectory handles Computer Accounts that
have physically been taken off the network for good. We add Computers
all the time. Old computers however get discarded without ever being
taken out of the domain. For example we had a room of 30 computers and
all of them got replaced and were just unhooked and stored in a garage
a year ago. However they still show in Active Directory. They are not
disabled (don't show a red X). However other computers do show a red x
(this was not done by us). It seems Active Directory handles this
somehow. But yet the year old computers that do not exist are still
out there and luckily I know to remove these but we have over 2000
computers so I don't always know which ones are gone. How can I find
this out through Active Directory. I tried waiting to see if they
would become disabled but after a year they still appear as normal.
Any help is appreciated.

Dawn
 
P

ptwilliams

Each domain member has a secure channel, a discrete communications channel,
with each DC in the domain. The password that the computer uses to talk to
a DC over this secure channel is changed every thirty days (NT 5.x - NT 4
does it every seven days). AD doesn't provide any pruning or cleaning up of
stale accounts -accounts that have not changed their password in sometime.

MVP extraordinaire Joe Richards has written a free, command line tool to
address this. You can download it here:
-- http://www.joeware.net/win/free/tools/oldcmp.htm


The AD hasn't disabled those accounts. A user has.

Hope this helps.

--

Paul Williams

http://www.msresource.net/
http://forums.msresource.net/

I have looked for this information with no luck. Can someone explain
to me the process of how Active irectory handles Computer Accounts that
have physically been taken off the network for good. We add Computers
all the time. Old computers however get discarded without ever being
taken out of the domain. For example we had a room of 30 computers and
all of them got replaced and were just unhooked and stored in a garage
a year ago. However they still show in Active Directory. They are not
disabled (don't show a red X). However other computers do show a red x
(this was not done by us). It seems Active Directory handles this
somehow. But yet the year old computers that do not exist are still
out there and luckily I know to remove these but we have over 2000
computers so I don't always know which ones are gone. How can I find
this out through Active Directory. I tried waiting to see if they
would become disabled but after a year they still appear as normal.
Any help is appreciated.

Dawn
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Red X on Computers in AD 5
computer accounts still showing up in AD 1
Kids Safety Software 7
How to remove the old machine accounts in Active Directory 1
how to remove nt4 pdc from Win2000 AD? 2
Old computer accounts 4
Privelages for Local Security Group Management 2
Renaming of computer name in a domain still shows old name in AD Computers 1

Top